Self Health Monitor

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only self-monitoring skill, but it asks the agent to run proactively, inspect internal memory/state, and self-repair without clear limits or approval.

Install only if you explicitly want an agent that may monitor itself in the background. Before enabling it, set boundaries: read-only checks by default, named memory paths or metadata-only inspection, opt-in scheduling, alert suppression/rate limits, and manual approval before any self-repair or changes to memory, skills, agents, or configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers (Medium)

Confidence: 91%

Finding: The skill defines periodic triggering and proactive reporting in broad terms without scoping who authorizes execution, what environment it may inspect, or what rate limits apply. In an agent system, this can cause unintended repeated invocation, unnecessary tool use, and autonomous behaviors that exceed user expectations, especially because the skill is framed as operating without explicit user input.

Vague Triggers (Medium)

Confidence: 88%

Finding: Using broad natural-language phrasing like not waiting for the user to ask about status encourages activation around common conversational patterns rather than a precise invocation contract. That ambiguity increases the chance the skill will trigger during ordinary chat and perform monitoring or reporting behavior unexpectedly.

Missing User Warnings (Medium)

Confidence: 95%

Finding: The skill states it will inspect memory files, child-agent activity, issue alerts, and even self-repair, but it does not disclose the data-access scope, permission model, or safety constraints for those actions. This is dangerous because it normalizes autonomous inspection of potentially sensitive internal or user-derived data and permits state-changing behavior without clear guardrails, creating privacy, integrity, and operational risks.

VirusTotal

64/64 vendors flagged this skill as clean.